EP3559854A1 - Sicherheitsgerät und feldbussystem zur unterstützung einer sicheren kommunikation über einen feldbus - Google Patents
Sicherheitsgerät und feldbussystem zur unterstützung einer sicheren kommunikation über einen feldbusInfo
- Publication number
- EP3559854A1 EP3559854A1 EP17823142.9A EP17823142A EP3559854A1 EP 3559854 A1 EP3559854 A1 EP 3559854A1 EP 17823142 A EP17823142 A EP 17823142A EP 3559854 A1 EP3559854 A1 EP 3559854A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- field bus
- fieldbus
- security
- bus subscriber
- security device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 title claims abstract description 58
- 230000008878 coupling Effects 0.000 claims abstract description 16
- 238000010168 coupling process Methods 0.000 claims abstract description 16
- 238000005859 coupling reaction Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 14
- 238000012806 monitoring device Methods 0.000 claims description 14
- 230000004044 response Effects 0.000 claims description 7
- 238000003306 harvesting Methods 0.000 claims description 4
- 238000000034 method Methods 0.000 claims description 3
- 238000000926 separation method Methods 0.000 claims description 3
- 238000012546 transfer Methods 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0423—Input/output
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40006—Architecture of a communication node
- H04L12/40032—Details regarding a bus interface enhancer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/25—Pc structure of the system
- G05B2219/25428—Field device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/4026—Bus for use in automation systems
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- the invention relates to a security device and a fieldbus system for supporting secure communication via a fieldbus.
- the communication security in the information and communication technology plays meanwhile in the entire Cyber space and thus also in the industrial one
- a measure is known with which a conventional device within a micro-network (microgrid) can be offered secure communication.
- a security device is switched between a conventional local device and a remote connection, which is designed as a BITW (bump-in-the-wire) device.
- BITW bump-in-the-wire
- Security mechanisms or functions i. Security mechanisms with which communication links between two or more subscribers can be protected against external attacks, for example.
- Ensuring information exchange between subscribers are, for example, authentication algorithms, integrity assurance algorithms or encryption and decryption algorithms.
- the known fieldbus networks are protected by means of arranged in the periphery of firewalls or application gateways, so that trusting zones arise within which the communication is unsafe.
- a safety-oriented device for connecting field devices to a safety-oriented fieldbus is known.
- a field bus connector is used which has a safety-oriented field bus interface parts, the transmission of safety-related signals via the fieldbus to a
- the safety-related signals correspond to the required safety categories and thus safety aspects.
- the fieldbus connector has a safety-related, fieldbus-neutral device interface to which a safety field device with a safety-related, fieldbus-neutral
- Fieldbus interface can be connected. Thanks to the special fieldbus plug, which has both a safety-related, fieldbus-neutral fieldbus interface and a safety-related, but fieldbus-dependent fieldbus interface, field devices only have to be developed for safety-related, fieldbus-neutral fieldbus interface parts.
- the invention has for its object to provide a safety device and a fieldbus system with which it is possible fieldbus participants who have no
- a security device to support secure communication over a fieldbus.
- the security device has a connection device for direct coupling of the security device with a network interface of a field bus subscriber designed for connection to a fieldbus, which is not designed for secure communication via the fieldbus. This means that the fieldbus participant has no security functionality to secure a
- the field bus subscriber who has no security functionality for securing a communication, is technically unable to protect an exchange of information between himself and at least one other field bus subscriber.
- the security device is designed such that in the coupled state between the security device and the field bus subscriber, which is not designed for secure communication via the fieldbus, a connection is such that after a separation or damage to the coupling, the proper operation of the
- Safety device is reversibly or irreversibly blocked.
- the security device also has a network interface for connecting the security device to the fieldbus.
- the security device has a transmitting and receiving device which is designed to transmit data coming from a directly coupled field bus subscriber, which is not configured for secure communication, safely via the fieldbus according to a predetermined security protocol.
- the transmitting and receiving device is designed to receive certain data via the field bus in accordance with the predetermined safety protocol for the field bus subscriber and to transfer the field bus subscriber as non-secure.
- a predetermined security protocol is a protocol which protects a communication connection or an information exchange between two or more subscribers.
- the predetermined one controls
- the security device is preferably for performing an authentication method and / or performing at least one cryptographic algorithm according to the
- predetermined security protocol to ensure secure, for example, protected against external attacks communication.
- the transmitting and receiving device can also be used to decrypt encrypted data received over the fieldbus and to encrypt data received from a
- the security device can have a secure storage device for storing cryptographic keys.
- the secure storage device can also programs for the execution of
- Security functions are stored according to the predetermined security protocol.
- Security protocols for communication security can be customized.
- the security device may have a programming interface, via which a corresponding programming of the security device is possible.
- the safety device can be updated via the fieldbus.
- the security device has a control device and a
- Monitoring device which is designed to monitor the connection between the safety device and a connected field bus subscriber.
- the control device is designed to block the proper operation of the safety device in response to an error signal from the monitoring device. Such an error signal may be triggered by the security device if the security device is properly, i. without damage, or forcibly separated from the connected fieldbus participant.
- Connector in particular in a RJ45 plug is integrated.
- control device may be designed to delete at least one of the cryptographic keys stored in the secure memory device in response to an error signal from the monitoring device and / or to block the connection device and / or the network interface of the security device irreversibly or reversibly. This measure ensures that the safety device can only continue to operate, if at all, if an operator detects the disconnection or damage to the coupling with the fieldbus device Security device releases, for example, the previously deleted
- Network interface and / or connection device are unlocked.
- the power supply of the safety device via the fieldbus for example by means of the known power-over-Ethernet technology, and / or by means of an internal power supply source and / or via a connected field bus subscriber and / or by means of energy harvesting
- the transmitting and receiving device may be configured to receive data from the
- a field device or a control device can be connected to the security device as a field bus subscriber.
- the predetermined security log contains a plurality of defined ones
- Encryption and integrity functions that can be implemented as a separate protocol stack or integrated into a fieldbus protocol.
- a fieldbus system to support secure communication over a fieldbus.
- the field bus system comprises a field bus, at least one first field bus subscriber, which has a network interface which is designed to be switched on to the field bus, wherein the at least one first field bus subscriber is not designed for secure communication via the fieldbus.
- a security device which has been defined above, wherein the security device is designed for secure communication according to a predetermined security protocol.
- the at least one field bus subscriber and the security device coupled to it are managed in the fieldbus system as a single field bus subscriber, for example by assigning a common address to the at least one field bus subscriber and the security device coupled to it.
- a second field bus subscriber is connected to the fieldbus, which is designed for secure communication with the security device of the at least one first field bus subscriber in accordance with the predetermined security protocol.
- the security device is detachable or not detachable with the at least one first
- a releasable connection is understood to mean, for example, a screw connection, while a non-detachable connection can be, for example, a riveted, welded or glued connection.
- eldbusteilier be designed as a field device or control device and the at least one second field bus participants as a field device or control device.
- a field device may, for example, be a sensor or actuator, while a control device may be, for example, a PLC (Programmable Logic Controller) or a DCS
- Figure 1 is an exemplary security device to support a secure
- Figure 2 shows another exemplary safety device
- Figure 3 shows an exemplary fieldbus system in which the invention is realized.
- FIG. 1 shows an exemplary security device 20 for supporting secure communication via a fieldbus 60, which is shown by way of example in FIG.
- the security device 20 serves to secure a communication via the fieldbus 60, for example, the protection of an exchange of information against external attacks.
- the security device 20 can be integrated in a plug connector, in particular in an RJ45 plug 20.
- the safety device 20 has a connection device 10 for direct coupling of the safety device 20 with one adapted to be connected to the fieldbus 60
- Fieldbus participant 30 has no security functionalities for securing a communication.
- the network interface of the field bus device 30 is preferably an RJ45 socket into which the RJ45 plug containing the security device 20 can be inserted.
- the RJ45 plug 10 and the RJ45 socket can be mechanically or detachably coupled together mechanically.
- connection or coupling between the security device 20 and the fieldbus participant 30 in such a way that the proper operation of the security device 20 is reversibly or irreversibly blocked in the event of disconnection or damage of the coupling.
- the security device 20 is riveted to the field bus user 30, so that by an attempt to remove the security device 20 from the field bus subscriber 30, the security device 20 is damaged so that a proper operation is irreversibly blocked.
- the Safety device 20 of the fieldbus participants 30 is not damaged, or not damaged in such a way that it is no longer functional.
- the security device 20 has a network interface 50 for connection to the fieldbus 60.
- the network interface 50 is an RJ45 socket which may be connected to the security device 20 via a cable 40.
- a transmitting and receiving device 24 is implemented, which is adapted to a directly coupled
- Fieldbus subscriber for example, the field bus subscriber 30, which is not designed for secure communication to transmit data safely over the fieldbus 60 according to a predetermined security protocol.
- Receiving device 24 is further configured to receive in accordance with the predetermined security protocol via the field bus 60 transmitted and intended for the field bus subscriber 30 specific data, then release and transfer to the fieldbus user 30. In this way, the exchange of information over the fieldbus 60 can be protected, for example against external attacks.
- the security device 20 may have a control device 22, which may be designed as a microcontroller. Furthermore, a monitoring device 21 can proceed, which is used to monitor the electrical and / or mechanical
- Fieldbus subscriber for example, the field bus subscriber 30, is formed, wherein the control device 22 is adapted to block in response to an error signal of the monitoring device 21, the proper operation of the safety device 20.
- an error signal may be triggered by the security device 20 when the security device 20 is properly, i. without damage, or forcibly disconnected from the coupled field bus subscriber 30.
- the monitoring device 21 may be formed, for example, as a pressure sensor, which detects when the security device 20 is coupled to the fieldbus participant 30. It is also conceivable that the monitoring device 21 is designed to a Detect current flow when the security device 20 is connected to the field bus subscriber 30.
- Receiving device 24 for decrypting encrypted data received via the fieldbus 60 and for encrypting data received from a
- the security device 20 may be configured to perform an authentication method and / or at least one cryptographic algorithm according to the predetermined security protocol.
- the security device 20 has a secure storage device 23 in which cryptographic keys can be stored. Further, programs may be stored in the secure storage device 23 or a separate storage device that may be executed by controller 22 to perform security functions in accordance with the predetermined security protocol.
- a secure storage device a hardware security module (HSM) can be used.
- the predetermined security protocol includes a plurality of security functions executable by the security device 20 that are known or are yet to be developed.
- the predetermined security protocol is able to
- An exemplary security function may be the execution of a MAC (Message
- Authentification Code support algorithm on layer 2.
- Another security feature can support transport layer security (TLS) for TCP-based protocols.
- Another security feature can support endpoint authentication and session key management on an application layer of the OSI layer model.
- the multi-security security protocol may be implemented as a separate protocol stack or integrated into a fieldbus protocol that may be stored in the security devices.
- the controller 22 may be configured to respond in response to a
- Error signal of the monitoring device 21 to delete at least one of the stored in the secure storage device 23 cryptographic key. In this way, the functionality of the security device 20 can be reversibly blocked. Because in the event that the security device 20 continues to be used, the deleted cryptographic key again in the memory 23
- the security device 20 a programming interface to the external
- Security device 20 are also adapted to changing security protocols. To the functionality or proper operation of the
- control device 22 is designed to respond in response to an error signal of the monitoring device 21, the connection device 10 and / or the safety device 20 to irreversibly block
- Network interface 50 irreversible or reversible lock.
- the power supply of the security device 20 can be made via the fieldbus 60, and / or by means of an internal power supply source (not shown), and / or via a connected field bus subscriber, for example the field bus subscriber 30, and / or by means of the energy harvesting technologies.
- a power supply of the security device 20 via the fieldbus 60 can be achieved, for example, with the known power-over-Ethernet technology.
- the field bus subscriber 30 shown in FIG. 1 may, for example, be a control device. As a field bus participant, however, a field device, such as a sensor or actuator with the security device 20 can be connected.
- FIG. 2 shows an alternative security device 120, which is accommodated in a housing 130. It should already be mentioned at this point that the mode of operation and the construction of the safety device 120 can essentially correspond to the functioning and structure of the safety device 20, so that in order to avoid repetition, reference is made to the explanations regarding the safety device 20.
- two flanges 127 and 128 may be arranged, in each of which an opening is provided, through which, for example, in each case a screw or a rivet for coupling the safety device 120 can be passed to a field bus subscriber.
- the security device 120 has a
- Connection device 121 for directly coupling the security device 120 with a network interface of a network interface designed for connection to a fieldbus
- Field bus subscriber for example, the field bus subscriber 30, which is not designed for secure communication via the fieldbus on.
- the connection device 121 may be formed as an RJ45 plug, which is led out of the housing 130 of the safety device 120.
- the security device 120 has a network interface 122 for connecting the security device 120 to the fieldbus 60.
- Network interface 122 may be configured as an RJ45 jack into which an RF-45 connector of a network cable may be inserted to connect security device 120 to fieldbus 60.
- the security device 120 further has a network interface 122 for connecting the security device 120 to the fieldbus 60, as can also be seen in FIG. Furthermore, the security device 120 has a transceiver 123, which is designed to receive data from a directly coupled field bus subscriber, for example the fieldbus subscriber 30, which is not configured for secure communication predetermined safety protocol to transmit securely over the fieldbus 60. Furthermore, the transmitting and receiving device 123 is configured to receive in accordance with the predetermined security protocol via the field bus 60 transmitted and intended for the field bus subscriber 30 specific data and the field bus subscriber 30 to pass.
- the security device 120 Similar to the security device 20, the security device 120, a
- Monitoring device 124, a secure memory 125 and a control device 126 have, for example, is designed as a microcontroller. To that
- a programming interface 129 may be provided.
- this programming interface 129 for example, a
- Computer can be connected, for example, over the cryptographic keys can be written to the secure memory 125.
- the security device 120 can also be adapted to changing security protocols.
- the corresponding security functions can also be stored in the secure memory 125 or in a separate memory (not shown).
- the microcontroller 126 may access the cryptographic keys and programs stored in the secure memory 125 to determine the corresponding ones
- FIG. 3 shows an exemplary fieldbus system 5 for supporting secure communication via the fieldbus 60.
- the fieldbus system 5 has the field bus 60 and at least one first
- Fieldbus participant 80 which has a network interface 81, which is designed to turn on the field bus device 80 to the fieldbus 60.
- the at least one first field bus subscriber 80 which may be a sensor, for example, is not designed for secure communication via the fieldbus 60.
- the field bus subscriber 80 contains no security functionality at all to secure a communication and thus also no security functionality for securing a communication via the fieldbus 60.
- the at least one first field bus subscriber 80 is connected to a security device 120 'via the network interface 81.
- the security device 120 ' is designed for secure communication according to a predetermined security protocol.
- a security functionality is implemented in the security device 120 ', which may, for example, perform authentication, integrity protection, data encryption, and data decryption to protect the security device
- the safety device 120 ' can be a safety device which is essentially identical in construction and in the mode of operation to the safety device 120 shown in FIG.
- the security device 120 ' has a transceiver unit and a network interface 122' for connection to the fieldbus 60 and a connection interface 121 'for mechanical and electrical connection to the fieldbus participant 80.
- the security device 120 ' have a control device, a monitoring device, a secure storage device and a programming interface.
- the security device 120 ' can be accommodated in a housing 130', on which two flanges 127 'and 128' can be arranged.
- the flanges 127 'and 128 each have an opening through which a respective screw 111 or 110 or a respective rivet for mechanical coupling with the fieldbus participant 80 can be passed. in the
- Feldbusteilauer 80 may be provided corresponding recesses for receiving the screws.
- a network cable 92 is for connecting the
- Security device 120 ' connected to the fieldbus 60 to the network interface 122' of the security device 120 '.
- Fieldbus subscriber 70 may be connected via a network cable 91.
- Fieldbus participant 70 is formed in contrast to the fieldbus participant 80 for secure communication over the fieldbus 60. In other words, in that
- Fieldbus subscribers 70 are the security functions of the predetermined one
- the control device 30 shown in FIG. 1 is also connected to the fieldbus 60 via the safety device 120 shown in FIG.
- the security device 120 is, for example, via screws 100 and 101, which are passed through the openings in the flanges 127 and 128 of the housing 130, not detachably connected to the control device 30.
- the security device 120 is also connected to the fieldbus 60 via a network cable 90.
- the network cable 90 is connected to the network interface 122 of the security device 120 for this purpose.
- the security device 120 and the security device 122 ' can also be non-detachably connected via a riveted connection to the control device 30 or to the sensor 80.
- Such a mechanical coupling ensures that the respective security device can not be removed from the respective field bus user without destroying or damaging the network interface 122 or 122 '.
- Such a riveted connection thus ensures that the functionality of the safety device 120 or 120 'is irreversibly blocked after removal. This means that security device can not be used anymore.
- the security devices 120 and 120 ' can be supplied with power via the fieldbus 60, for example by means of the known Power Over Ethernet technology. Alternatively or additionally, the security device 120 from the
- Control device 30 and the safety device 120 ' are powered by the sensor 80.
- each security device may have its own internal power supply, for example in the form of a battery.
- the known energy harvesting technologies can also be used to power the security devices 120 and 120 '.
- security devices 20, 120 and 120 can be considered as so-called hardware security modules in which
- Security algorithms, random number generators and encryption algorithms can be implemented according to a predetermined security protocol.
- the exemplary fieldbus system 5 it is possible, inter alia, to transmit data to be transmitted from the sensor 80 to the control device 30.
- the security device 120 decrypts the received data again and passes them to the controller 30 unencrypted.
- data from the actuator 70 may be encrypted and transmitted to the security device 120 and then decrypted to the controller 30.
- data determined by the control device 30 for the sensor 80 is first transmitted in encrypted form by the security device 120 via the fieldbus 60 to the security device 120 '.
- the received data is then decrypted by the security device 120 'and transferred to the sensor 80.
- the security devices 120 and 120 'as well as the actuator 70 can be designed to be a mutual one
- the security devices 120 and 120 ' it is now possible via the field bus 60, a secure, for example, protected against external attacks communication between the field bus devices 70 and 80 and the controller s device 30 to allow, even if the control device 30 and the field bus subscriber 80 itself have no communication security measures.
- Control unit 30 is disconnected from the fieldbus 60, without the control unit 30 is removed from the security device 120.
- the proper operation of the safety device 120 can be reactivated by a targeted intervention of an operator, so that the control device 30 can be connected to the coupled safety device 120 again to the fieldbus 60 and operated.
- Security device 120 or the security device 120 ' is designed to pass data from the control device 30 or data from the sensor 80 transparent to the fieldbus 60 to a conventional, i. enable non-secure communication between the controller 30 and the sensor 80. This can be useful if an existing, non-secure fieldbus system is to be switched to a safe fieldbus system.
- the safety devices 120 or 120 ' are coupled to the field bus users 30 and 80, which are not designed for secure communication, and connected to the field bus 60. At first they work
- Security devices in transparent operation. At a later time, the corresponding security functions are then enabled in the security devices 120 and 120 'in accordance with the security protocol.
- the field bus subscriber 30 and the coupled with him are advantageousously, the field bus subscriber 30 and the coupled with him.
- Security device 120 in the fieldbus system 5 manages as a single field bus subscriber by, for example, the field bus subscriber 30 and the coupled to him
- Security device 120 is assigned a common address. Similarly, the field bus subscriber 80 and the security device 120 'coupled thereto may also be assigned a common address. In this way, the exemplary
- Fieldbus system 5 are considered as a field bus system with three field bus subscribers.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Small-Scale Networks (AREA)
- Selective Calling Equipment (AREA)
- Programmable Controllers (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102016125511.4A DE102016125511A1 (de) | 2016-12-22 | 2016-12-22 | Sicherheitsgerät und Feldbussystem zur Unterstützung einer sicheren Kommunikation über einen Feldbus |
PCT/EP2017/084257 WO2018115378A1 (de) | 2016-12-22 | 2017-12-21 | Sicherheitsgerät und feldbussystem zur unterstützung einer sicheren kommunikation über einen feldbus |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3559854A1 true EP3559854A1 (de) | 2019-10-30 |
EP3559854B1 EP3559854B1 (de) | 2021-07-21 |
Family
ID=60915527
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP17823142.9A Active EP3559854B1 (de) | 2016-12-22 | 2017-12-21 | Sicherheitsgerät und feldbussystem zur unterstützung einer sicheren kommunikation über einen feldbus |
Country Status (6)
Country | Link |
---|---|
US (1) | US11423187B2 (de) |
EP (1) | EP3559854B1 (de) |
JP (1) | JP6968175B2 (de) |
CN (1) | CN110291526B (de) |
DE (1) | DE102016125511A1 (de) |
WO (1) | WO2018115378A1 (de) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102018108309A1 (de) * | 2018-04-09 | 2019-10-10 | Wago Verwaltungsgesellschaft Mbh | Automatisierungssystem, Reihenklemme für Automatisierungssysteme sowie Verfahren hierzu |
JP7251171B2 (ja) * | 2019-01-30 | 2023-04-04 | オムロン株式会社 | コントローラシステム、制御ユニット、および制御プログラム |
CN110430014B (zh) * | 2019-07-19 | 2022-02-01 | 河海大学 | 一种用于现场总线信道加密的硬件加密网关及加密方法 |
CN110557244B (zh) * | 2019-09-06 | 2021-12-28 | 江苏省水文水资源勘测局 | 一种水利工业控制系统中应用数据单元加密方法 |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE4001450A1 (de) * | 1990-01-19 | 1991-07-25 | Merten Gmbh & Co Kg Geb | Geraetekombination |
US6564268B1 (en) * | 1999-03-17 | 2003-05-13 | Rosemount Inc. | Fieldbus message queuing method and apparatus |
DE10248100A1 (de) * | 2002-10-15 | 2004-04-29 | Abb Patent Gmbh | Sicherheitsgerichtete Vorrichtung zum Anschluss von Feldgeräten an einen Feldbus |
DE10331309A1 (de) | 2003-07-10 | 2005-02-10 | Siemens Ag | Vorrichtung und Koppelgerät, so genannter transparenter Tunnel-Proxy, zur Sicherung eines Datenzugriffs |
US7711963B2 (en) * | 2004-03-23 | 2010-05-04 | Harris Corporation | Modular cryptographic device providing enhanced interface protocol features and related methods |
US7950044B2 (en) | 2004-09-28 | 2011-05-24 | Rockwell Automation Technologies, Inc. | Centrally managed proxy-based security for legacy automation systems |
DE102005008488B4 (de) * | 2005-02-24 | 2011-08-18 | VEGA Grieshaber KG, 77709 | Datenübertragungssystem zur drahtlosen Kommunikation |
US20070067458A1 (en) | 2005-09-20 | 2007-03-22 | Rockwell Software, Inc. | Proxy server for integration of industrial automation data over multiple networks |
US7555570B2 (en) | 2006-02-17 | 2009-06-30 | Avocent Huntsville Corporation | Device and method for configuring a target device |
EP1903411B1 (de) | 2006-09-21 | 2013-03-06 | Rockwell Software Inc. | Proxy-Server zur Integration von industriellen Automatisierungsdaten über mehrere Netzwerke |
DE102007052523A1 (de) | 2007-11-01 | 2009-05-14 | Phoenix Contact Gmbh & Co. Kg | Verbinder und Verfahren zum Bereitstellen eines Zugangs zu einem Datenverarbeitungsnetz für eine Datenverarbeitungseinrichtung |
ATE538422T1 (de) * | 2008-09-08 | 2012-01-15 | Siemens Ag | Automatisierungssystem, gerät zur verwendung in einem automatisierungssystem und verfahren zum betreiben eines automatisierungssystems |
JP5482059B2 (ja) | 2009-03-13 | 2014-04-23 | 富士通株式会社 | 記憶装置、および記憶装置へのアクセスを制御するためのプログラム |
DE102009027697A1 (de) * | 2009-07-15 | 2011-01-20 | Endress + Hauser Gmbh + Co. Kg | System zur Steuerung und/oder Überwachung einer Prozessanlage in der Automatisierungstechnik |
US8315718B2 (en) * | 2009-10-02 | 2012-11-20 | General Electric Company | Control systems and methods of providing the same |
EP2320285A1 (de) * | 2009-11-06 | 2011-05-11 | VEGA Grieshaber KG | Datenbearbeitungsvorrichtung für ein Feldgerät |
DE102011002703A1 (de) * | 2011-01-14 | 2012-07-19 | Siemens Aktiengesellschaft | Verfahren und Vorrichtung zum Bereitstellen eines kryptographischen Schlüssels für ein Feldgerät |
DE102011007571A1 (de) * | 2011-04-18 | 2012-10-18 | Siemens Aktiengesellschaft | Tamperschutzvorrichtung zum Tamperschutz eines Feldgeräts |
AU2013319831A1 (en) * | 2012-09-21 | 2015-03-26 | Visa International Service Association | A dynamic object tag and systems and methods relating thereto |
US9734114B2 (en) * | 2012-12-24 | 2017-08-15 | Festo Ag & Co. Kg | Field unit and a method for operating an automation system |
WO2014206451A1 (de) * | 2013-06-25 | 2014-12-31 | Siemens Aktiengesellschaft | Verfahren und vorrichtung zum sicheren übertragen von signaldaten in einer anlage |
DE102013109096A1 (de) * | 2013-08-22 | 2015-02-26 | Endress + Hauser Flowtec Ag | Gegen Manipulation geschütztes elektronisches Gerät |
US20150095635A1 (en) * | 2013-10-02 | 2015-04-02 | Lantronix, Inc. | Secure Communication Port Redirector |
DE102014001462B4 (de) * | 2014-02-05 | 2021-02-04 | Festo Se & Co. Kg | Feldbusmodul, Maschinensteuerung und Verfahren zur Parametrierung eines, insbesondere sicherheitsgerichteten, Feldbusmoduls |
US10218675B2 (en) | 2014-04-28 | 2019-02-26 | Honeywell International Inc. | Legacy device securitization using bump-in-the-wire security devices within a microgrid system |
DE102014110385B4 (de) * | 2014-07-23 | 2018-01-11 | Endress+Hauser Conducta Gmbh+Co. Kg | Eigensicherer Funkdongle für ein Feldgerät |
US20160028693A1 (en) | 2014-07-28 | 2016-01-28 | Ge Intelligent Platforms, Inc. | Apparatus and method for security of industrial control networks |
US9871819B2 (en) | 2014-11-13 | 2018-01-16 | General Electric Company | Zone-based security architecture for intra-vehicular wireless communication |
-
2016
- 2016-12-22 DE DE102016125511.4A patent/DE102016125511A1/de not_active Withdrawn
-
2017
- 2017-12-21 WO PCT/EP2017/084257 patent/WO2018115378A1/de unknown
- 2017-12-21 US US16/472,811 patent/US11423187B2/en active Active
- 2017-12-21 CN CN201780080133.6A patent/CN110291526B/zh active Active
- 2017-12-21 EP EP17823142.9A patent/EP3559854B1/de active Active
- 2017-12-21 JP JP2019534095A patent/JP6968175B2/ja active Active
Also Published As
Publication number | Publication date |
---|---|
DE102016125511A1 (de) | 2018-06-28 |
CN110291526A (zh) | 2019-09-27 |
JP2020502691A (ja) | 2020-01-23 |
WO2018115378A1 (de) | 2018-06-28 |
JP6968175B2 (ja) | 2021-11-17 |
CN110291526B (zh) | 2023-04-04 |
US20190370505A1 (en) | 2019-12-05 |
EP3559854B1 (de) | 2021-07-21 |
US11423187B2 (en) | 2022-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3559854B1 (de) | Sicherheitsgerät und feldbussystem zur unterstützung einer sicheren kommunikation über einen feldbus | |
EP3252550B1 (de) | Modulare sicherheits-steuerungseinrichtung mit kryptografischer funktionalität | |
EP3422657A1 (de) | Verfahren und sicherheits-steuerungseinrichtungen zum senden und empfangen kryptographisch geschützter netzwerkpakete | |
EP2586178B1 (de) | Verfahren zur manipulationsgesicherten schlüsselverwaltung | |
EP3456026A1 (de) | Verfahren zum aufbau gesicherter kommunikationsverbindungen zu einem industriellen automatisierungssystem und firewall-system | |
DE10124800A1 (de) | Prozessautomatisierungssystem und Prozessgerät für ein Prozessautomatisierungssystem | |
DE102017223099A1 (de) | Vorrichtung und Verfahren zum Übertragen von Daten zwischen einem ersten und einem zweiten Netzwerk | |
WO2012041654A1 (de) | Verfahren und system zur sicheren datenübertragung mit einer vpn- box | |
DE102005046462B4 (de) | Netzwerkkomponente für ein Kommunikationsnetzwerk, Kommunikationsnetzwerk und Verfahren zur Bereitstellung einer Datenverbindung | |
WO2018219767A1 (de) | Verfahren zur kommunikation zwischen einem mikrocontroller und einem transceiver baustein, mikrocontroller und transceiver baustein | |
EP2407843A1 (de) | Sichere Datenübertragung in einem Automatisierungsnetzwerk | |
DE60307719T2 (de) | Austauschdaten unter Verwendung einer Verschlüsselung mit öffentlichem Schlüssel | |
EP3554114A1 (de) | Verfahren, vorrichtungen und computerprogrammprodukt zur überwachung einer verschlüsselten verbindung in einem netzwerk | |
WO2019015860A1 (de) | Verfahren, vorrichtungen und computerprogrammprodukt zur überprüfung von verbindungsparametern einer kryptographisch geschützten kommunikationsverbindung während des verbindungsaufbaus | |
EP3525390A1 (de) | Einrichtung und verfahren zum bereitstellen mindestens eines sicheren kryptographischen schlüssels für den durch ein steuergerät initiierten kryptographischen schutz von daten | |
EP3439229A1 (de) | Verfahren und vorrichtungen zum erreichen einer sicherheitsfunktion, insbesondere im umfeld einer geräte- und/oder anlagensteuerung | |
EP3324596B1 (de) | Schutzvorrichtung und netzwerkverkabelungsvorrichtung zur geschützten übertragung von daten | |
EP3895387B1 (de) | Kommunikationsmodul | |
EP1403749A1 (de) | Automatisierungssystem sowie Verfahren zu dessen Betrieb | |
EP2446599B1 (de) | Gegen manipulation geschützte datenübertragung zwischen automatisierungsgeräten | |
EP2245834A1 (de) | Sichere datenkommunikation | |
EP3489775A1 (de) | Kryptographischer schutz von parametern zur steuerung eines aktors | |
EP2898635B1 (de) | System und verfahren zur wartung einer werkzeugmaschine | |
EP1496665B1 (de) | Verfahren zur Festlegung von Sicherheitseinstellungen in einem Automatisierungsnetz | |
EP3252551A1 (de) | Modulare sicherheits-steuerungseinrichtung mit kryptografischer funktionalität |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20190626 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20200616 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 502017010988 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: G06F0021860000 Ipc: G05B0019042000 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 12/40 20060101ALI20210129BHEP Ipc: H04L 29/08 20060101ALI20210129BHEP Ipc: G06F 21/86 20130101ALI20210129BHEP Ipc: G05B 19/042 20060101AFI20210129BHEP |
|
INTG | Intention to grant announced |
Effective date: 20210225 |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: PHOENIX CONTACT GMBH & CO. KG Owner name: ABB SCHWEIZ AG |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 502017010988 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1413145 Country of ref document: AT Kind code of ref document: T Effective date: 20210815 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20210721 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20211021 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20211122 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20211021 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20211022 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 502017010988 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 |
|
26N | No opposition filed |
Effective date: 20220422 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20211231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211221 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211221 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211231 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211231 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20211231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230525 |
|
P02 | Opt-out of the competence of the unified patent court (upc) changed |
Effective date: 20230531 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20171221 |
|
P02 | Opt-out of the competence of the unified patent court (upc) changed |
Effective date: 20231115 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20231219 Year of fee payment: 7 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MM01 Ref document number: 1413145 Country of ref document: AT Kind code of ref document: T Effective date: 20221221 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221221 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210721 Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221221 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20240228 Year of fee payment: 7 |